Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214914.roa
File:                     AS214914.roa (raw, json)
Hash identifier:          raWCrx6XCOsGJg4Zx72WAISBIDUg4wOu54dvGeob2qI=
Subject key identifier:   4C:6A:60:27:0C:F6:B6:E3:40:4E:45:62:24:33:A8:F2:91:01:05:2F
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2AC31C6AEBB0AB6C655657DD14D71FC034D4CCF6
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214914.roa
Signing time:             Thu 07 May 2026 05:47:11 +0000
ROA not before:           Thu 07 May 2026 05:42:11 +0000
ROA not after:            Thu 06 May 2027 05:47:11 +0000
asID:                     214914
IP address blocks:        2a13:9500:80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:c3:1c:6a:eb:b0:ab:6c:65:56:57:dd:14:d7:1f:c0:34:d4:cc:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  7 05:42:11 2026 GMT
            Not After : May  6 05:47:11 2027 GMT
        Subject: CN=4C6A60270CF6B6E3404E45622433A8F29101052F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:dd:81:c7:f2:a3:88:82:57:4f:df:37:15:7a:
                    c5:f2:23:70:88:51:e3:c9:58:e9:cc:42:6c:bd:fe:
                    8b:df:b8:f8:03:32:de:70:c4:0d:f0:2b:c1:6e:93:
                    e5:74:97:9b:a2:50:9b:0e:49:8b:41:00:f5:75:9d:
                    ed:51:97:bb:b3:16:45:9b:ce:ec:a0:71:71:17:6a:
                    30:0c:61:f7:4f:41:ed:dd:c9:3e:f0:4a:f4:49:5e:
                    ae:11:03:14:80:bd:51:c7:d2:5a:9e:f1:89:9b:fb:
                    ce:63:08:6c:34:7b:f3:57:e2:a5:9e:6a:b1:a5:a3:
                    c0:e3:0d:ca:31:8f:26:26:28:9d:1d:8b:fa:02:e5:
                    95:32:26:17:f0:0f:f9:73:e4:8a:9c:63:8f:c0:5d:
                    ea:96:99:b7:b6:a7:d0:86:1f:03:67:30:ca:7d:a4:
                    e9:3e:63:5b:65:21:1e:52:f6:13:e3:be:af:da:9e:
                    6a:4d:ed:b9:db:b9:4c:f8:7e:f0:9b:34:49:74:ad:
                    8d:a9:e6:e2:4e:08:e1:2c:55:28:1a:f6:a6:32:34:
                    ad:6e:1c:b6:53:ce:1f:d7:06:98:3e:e6:32:1e:f4:
                    e9:4a:c1:7b:3c:3b:cf:51:d4:d8:7e:08:d2:5d:0a:
                    e5:14:a9:78:fb:a4:ee:9b:51:13:9c:0b:60:96:40:
                    dd:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:6A:60:27:0C:F6:B6:E3:40:4E:45:62:24:33:A8:F2:91:01:05:2F
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214914.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:80::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:4e:9f:33:f3:ea:7a:e4:49:2b:50:c5:1a:96:18:8c:12:56:
         d1:bf:f5:a7:70:f1:e6:2f:33:a6:a6:d2:ae:0b:55:ed:09:c3:
         45:cb:9c:2a:c7:72:e2:74:74:ca:c2:1c:84:32:77:af:a8:45:
         63:53:79:84:ae:94:f0:fd:4f:22:b0:ed:d2:3e:23:4c:d5:6e:
         5c:da:7e:a8:0a:5c:96:b5:85:e4:43:4f:60:d3:3b:f0:90:55:
         7c:37:ce:8c:a9:98:fb:20:e0:f7:05:40:f3:9a:a6:8a:10:53:
         c1:25:9d:b3:81:73:5a:d4:26:7b:e9:39:00:79:64:c4:6f:42:
         0a:7c:81:e8:77:dc:f7:28:76:2e:17:1a:12:96:3b:b7:fb:eb:
         1c:b0:d0:e2:0f:55:b0:e7:60:20:00:a4:e9:51:7d:9b:06:f4:
         fc:b5:27:96:35:c6:2b:08:09:32:ff:88:ad:5c:d3:10:c4:3c:
         80:60:81:8d:70:8a:a0:d1:ee:45:e5:f7:7f:72:e0:7d:11:ad:
         f1:c4:d8:3c:b1:d0:0c:df:d5:fb:b0:e9:c5:1c:8e:6a:7a:ec:
         a8:1f:2a:47:7d:42:cc:99:df:82:30:4e:76:45:90:63:95:e9:
         c7:3b:b8:f6:e9:4c:b1:1d:70:6d:0d:66:2e:d7:13:07:77:e1:
         2d:e5:d9:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUKsMcauuwq2xlVlfdFNcfwDTUzPYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MDcwNTQyMTFaFw0yNzA1MDYwNTQ3MTFaMDMxMTAvBgNV
BAMTKDRDNkE2MDI3MENGNkI2RTM0MDRFNDU2MjI0MzNBOEYyOTEwMTA1MkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw3YHH8qOIgldP3zcVesXyI3CI
UePJWOnMQmy9/ovfuPgDMt5wxA3wK8Fuk+V0l5uiUJsOSYtBAPV1ne1Rl7uzFkWb
zuygcXEXajAMYfdPQe3dyT7wSvRJXq4RAxSAvVHH0lqe8Ymb+85jCGw0e/NX4qWe
arGlo8DjDcoxjyYmKJ0di/oC5ZUyJhfwD/lz5IqcY4/AXeqWmbe2p9CGHwNnMMp9
pOk+Y1tlIR5S9hPjvq/anmpN7bnbuUz4fvCbNEl0rY2p5uJOCOEsVSga9qYyNK1u
HLZTzh/XBpg+5jIe9OlKwXs8O89R1Nh+CNJdCuUUqXj7pO6bUROcC2CWQN3vAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUTGpgJwz2tuNATkViJDOo8pEBBS8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0OTE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACAMA0GCSqGSIb3DQEBCwUAA4IBAQBjTp8z8+p65EkrUMUalhiMElbRv/WncPHm
LzOmptKuC1XtCcNFy5wqx3LidHTKwhyEMnevqEVjU3mErpTw/U8isO3SPiNM1W5c
2n6oClyWtYXkQ09g0zvwkFV8N86MqZj7IOD3BUDzmqaKEFPBJZ2zgXNa1CZ76TkA
eWTEb0IKfIHod9z3KHYuFxoSlju3++scsNDiD1Ww52AgAKTpUX2bBvT8tSeWNcYr
CAky/4itXNMQxDyAYIGNcIqg0e5F5fd/cuB9Ea3xxNg8sdAM39X7sOnFHI5qeuyo
HypHfULMmd+CME52RZBjlenHO7j26UyxHXBtDWYu1xMHd+Et5dkM
-----END CERTIFICATE-----